From ada5e9042483a435f11f2c12ac5e857c59afe9bc Mon Sep 17 00:00:00 2001
From: Martin Stransky
Date: Tue, 27 Oct 2020 10:39:44 +0100
Subject: Added fix for rawhide crashes (rhbz#1891234)

---
 mozilla-1673202.patch | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 mozilla-1673202.patch

(limited to 'mozilla-1673202.patch')

diff --git a/mozilla-1673202.patch b/mozilla-1673202.patch
new file mode 100644
index 0000000..711a975
--- /dev/null
+++ b/mozilla-1673202.patch
@@ -0,0 +1,46 @@
+# HG changeset patch
+# User Jed Davis
+
+Bug 1673202 - Call fstat directly in Linux sandbox fstatat interception. r?gcp
+
+Sandbox policies handle the case of `fstatat(fd, "", AT_EMPTY_PATH|...)`
+by invoking the SIGSYS handler (because seccomp-bpf can't tell if the
+string will be empty when the syscall would use it), which makes the
+equivalent call to `fstat`.
+
+Unfortunately, recent development versions of glibc implement `fstat` by
+calling `fstatat`, which causes unbounded recursion and stack overflow.
+(This depends on the headers present at build time; see the bug for more
+details.) This patch switches it to use the `fstat` (or `fstat64` on
+32-bit) syscall directly.
+
+Differential Revision: https://phabricator.services.mozilla.com/D94798
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+index 9bdb10c49e085..a128cce7b266c 100644
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -294,17 +294,21 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
+ auto broker = static_cast(aux);
+ auto fd = static_cast(aArgs.args[0]);
+ auto path = reinterpret_cast(aArgs.args[1]);
+ auto buf = reinterpret_cast(aArgs.args[2]);
+ auto flags = static_cast(aArgs.args[3]);
+ 
+ if (fd != AT_FDCWD && (flags & AT_EMPTY_PATH) != 0 &&
+ strcmp(path, "") == 0) {
+- return ConvertError(fstatsyscall(fd, buf));
++#ifdef __NR_fstat64
++ return DoSyscall(__NR_fstat64, fd, buf);
++#else
++ return DoSyscall(__NR_fstat, fd, buf);
++#endif
+ }
+ 
+ if (fd != AT_FDCWD && path[0] != '/') {
+ SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, 0x%x)",
+ fd, path, buf, flags);
+ return BlockedSyscallTrap(aArgs, nullptr);
+ }
+ 
+ 
-- cgit
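Review bot: The new `#ifdef __NR_fstat64` block in the nested SandboxFilter.cpp hunk carries no comment saying why the raw syscall replaces the `fstatsyscall` wrapper, so the reason lives only in the commit message and a later cleanup could reintroduce the libc call and the recursion it causes. I would add above the `#ifdef`: `// Issue the fstat/fstat64 syscall directly: a libc fstat() implemented on top of fstatat() would re-enter this SIGSYS handler and recurse without bound (bug 1673202).`. The old line routed the result through `ConvertError` while the new lines return `DoSyscall`'s value as-is; presumably `DoSyscall` already yields the raw kernel-style negative errno the trap handler expects, but that is not visible here and is worth confirming. The 32-bit branch also assumes `buf` points at the struct layout `__NR_fstat64` fills, which follows only if the intercepted fstatat entry is the 64-bit variant; the cast that types `buf` is outside what the hunk shows. The enclosing trap function starts before and ends after the hunk.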